[Asterisk-Users] RE: IAX Incoming/Outgoing

picciuX matteo at picciux.it
Sun Mar 26 04:25:57 MST 2006 

Look, you don't have to necessarily specify a username when Dial(.....).
It's sufficient ti specify the username in the peer declarations:

On pbx1:

[pbx2]
type=friend
username=pbx1 ; this is user for OUTGOING connections
host=w.x.y.z
inkeys=pbx2
outkeys=pbx1
.....
context=....

[pbx3]
type=friend
username=pbx1 ; this is user for OUTGOING connections
host=w.x.y.z
inkeys=pbx3
outkeys=pbx1
.....
context=....

On pbx2:

[pbx1]
type=friend
username=pbx2 ; this is user for OUTGOING connections
host=w.x.y.z
inkeys=pbx1
outkeys=pbx2
.....
context=....

[pbx3]
type=friend
username=pbx2 ; this is user for OUTGOING connections
host=w.x.y.z
inkeys=pbx3
outkeys=pbx2
.....
context=....

On pbx3:

[pbx1]
type=friend
username=pbx3 ; this is user for OUTGOING connections
host=w.x.y.z
inkeys=pbx1
outkeys=pbx3
.....
context=....

[pbx2]
type=friend
username=pbx3 ; this is user for OUTGOING connections
host=w.x.y.z
inkeys=pbx2
outkeys=pbx3
.....
context=....


Simple: 3 boxes, 3 usernames, 3 public/private key couples.

Hope this helps


2006/3/25, Douglas Garstang <dgarstang at oneeighty.com>:
>
> I could ask why it can't authenticate against the key, but we've already
> been there.
>
> So, if I have 5 asterisk systems, and I want to have a different key on
> each, and each system has a user and a peer section, and I have to use
> different usernames... oh boy... this sounds like a horrible mess.
>
>
> > -----Original Message-----
> > From: Joshua Colp [mailto:joshnet at nbnet.nb.ca]
> > Sent: Saturday, March 25, 2006 12:19 PM
> > To: Asterisk Users Mailing List - Non-Commercial Discussion
> > Subject: RE: [Asterisk-Users] RE: IAX Incoming/Outgoing
> >
> >
> > It still needs to know the username so it knows what entry in
> > iax.conf to use for that information, such as the key to use.
> >
> > Joshua Colp
> >
> > ----- Original Message -----
> > From: Douglas Garstang
> > [mailto:dgarstang at oneeighty.com]
> > To: Asterisk Users Mailing List -
> > Non-Commercial Discussion [mailto:asterisk-users at lists.digium.com]
> > Sent:
> > Sat, 25 Mar 2006 15:15:24 -0400
> > Subject: RE: [Asterisk-Users] RE: IAX
> > Incoming/Outgoing
> >
> >
> > > Why do I need a username at all if I am doing rsa
> > authentication? Why
> > > doesn't it match against the key?
> > >
> > > > -----Original Message-----
> > > > From: Joshua Colp [mailto:joshnet at nbnet.nb.ca]
> > > > Sent: Saturday, March 25, 2006 12:11 PM
> > > > To: Asterisk Users Mailing List - Non-Commercial Discussion
> > > > Subject: RE: [Asterisk-Users] RE: IAX Incoming/Outgoing
> > > >
> > > >
> > > > You do realize you're not sending along a username so it's
> > > > using another method to try to discover the username you're
> > > > trying to authenticate as on the server side? Apparently not.
> > > >
> > > > IAX2/username_to_use at peer_entry_to_use/extension at context
> > > >
> > > > Joshua Colp
> > > >
> > > > ----- Original Message -----
> > > > From: Douglas Garstang
> > > > [mailto:dgarstang at oneeighty.com]
> > > > To: Asterisk Users Mailing List -
> > > > Non-Commercial Discussion [mailto:asterisk-users at lists.digium.com]
> > > > Sent:
> > > > Sat, 25 Mar 2006 14:55:28 -0400
> > > > Subject: RE: [Asterisk-Users] RE: IAX
> > > > Incoming/Outgoing
> > > >
> > > >
> > > > > Well, I just tried your approach. I broke them all up into
> > > > users/peers. Now
> > > > > it makes even LESS sense. The pbx1 system is connecting to
> > > > the pbx2 system,
> > > > > and according to the iax debug, is sending a username of
> > > > 'pbx3_in'. *lol*
> > > > >
> > > > > [pbx1_in]
> > > > > type=user
> > > > > auth=rsa
> > > > > inkeys=pbx1
> > > > > context=global_pbx_transfer
> > > > > deny=0.0.0.0
> > > > > permit=xxx.187.142.203
> > > > >
> > > > > [pbx1_out]
> > > > > type=peer
> > > > > auth=rsa
> > > > > outkey=pbx1
> > > > > host=pbx1.ipt.yyy.com
> > > > >
> > > > > [pbx2_in]
> > > > > type=user
> > > > > auth=rsa
> > > > > inkeys=pbx2
> > > > > context=global_pbx_transfer
> > > > > deny=0.0.0.0
> > > > > permit=xxx.187.142.204
> > > > >
> > > > > [pbx2_out]
> > > > > type=peer
> > > > > auth=rsa
> > > > > outkey=pbx1
> > > > > host=pbx2.ipt.yyy.com
> > > > >
> > > > > [pbx3_in]
> > > > > type=user
> > > > > auth=rsa
> > > > > inkeys=pbx3
> > > > > context=global_pbx_transfer
> > > > > deny=0.0.0.0
> > > > > permit=xxx.187.142.234
> > > > >
> > > > > [pbx3_out]
> > > > > type=peer
> > > > > auth=rsa
> > > > > outkey=pbx1
> > > > > host=pbx3.ipt.yyy.com
> > > > >
> > > > > Here's how I connect:
> > > > > exten =>
> > > > >
> > s-CHANUNAVAIL,1,Dial(IAX2/pbx2_out/${ARG1}@global_pbx_transfer,25,g)
> > > > >
> > > > > and here's the IAX debug:
> > > > > Tx-Frame Retry[000] -- OSeqno: 000 ISeqno: 000 Type: IAX
> > > >  Subclass: NEW
> > > > >
> > > > >    Timestamp: 00003ms  SCall: 00001  DCall: 00000
> > > > [xxx.187.142.204:4569]
> > > > >    VERSION         : 2
> > > > >    CALLED NUMBER   : 2944099
> > > > >    CODEC_PREFS     : (ulaw|g729)
> > > > >    CALLING NUMBER  : 2944093
> > > > >    CALLING PRESNTN : 0
> > > > >    CALLING TYPEOFN : 0
> > > > >    CALLING TRANSIT : 0
> > > > >    CALLING NAME    : Foo
> > > > >    LANGUAGE        : en
> > > > >    CALLED CONTEXT  : global_pbx_transfer
> > > > >    FORMAT          : 4
> > > > >    CAPABILITY      : 65535
> > > > >    ADSICPE         : 2
> > > > >    DATE TIME       : 2006-03-25  11:54:36
> > > > > hestia*CLI>
> > > > >     -- Called pbx2_out/2944099 at global_pbx_transfer
> > > > > Rx-Frame Retry[ No] -- OSeqno: 000 ISeqno: 001 Type: IAX
> > > >  Subclass: ACK
> > > > >
> > > > >    Timestamp: 00003ms  SCall: 00002  DCall: 00001
> > > > [xxx.187.142.204:4569]
> > > > > Rx-Frame Retry[ No] -- OSeqno: 000 ISeqno: 001 Type: IAX
> > > >  Subclass:
> > > > > AUTHREQ
> > > > >    Timestamp: 00005ms  SCall: 00002  DCall: 00001
> > > > [xxx.187.142.204:4569]
> > > > >    AUTHMETHODS     : 4
> > > > >    CHALLENGE       : 129428696
> > > > >    USERNAME        : pbx3_in           <---- WHAT THE HELL
> > > > IS THIS DOING
> > > > > HERE?
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: Brian Capouch [mailto:brianc at palaver.net]
> > > > > > Sent: Saturday, March 25, 2006 11:46 AM
> > > > > > To: Asterisk Users Mailing List - Non-Commercial Discussion
> > > > > > Subject: Re: [Asterisk-Users] RE: IAX Incoming/Outgoing
> > > > > >
> > > > > >
> > > > > > Douglas Garstang wrote:
> > > > > > > This is INSANE! My calling system has this iax.conf:
> > > > > > >
> > > > > >
> > > > > > Search the archives for mails about separating
> > > > > > originations/terminations
> > > > > > by removing all friends and setting up the various
> > > > > > interoperating boxes
> > > > > > in a peer-user arrangement.
> > > > > >
> > > > > > I am pretty certain there are archived mails that urge
> > > > people who use
> > > > > > IAX to do that, and indicating that the various possible
> > > > ambiguities
> > > > > > with IAX friends is not a Good Thing.
> > > > > >
> > > > > > That would seem borne out by your experiences.
> > > > > >
> > > > > > I would also follow the time-honored programming technique of
> > > > > > removing
> > > > > > many of your constraints (keys, allow/disallows, etc.) in
> > > > order to
> > > > > > remove as many causes of uncertainty as possible.  Then once
> > > > > > the boxes
> > > > > > are talking those things can be added back in a controlled
> > > > > > manner.  To
> > > > > > my eyes your configurations have an awful lot of
> > variable factors.
> > > > > >
> > > > > > Just where the insanity lies is another issue, which I don't
> > > > > > care to get
> > > > > > into at the present time :-)
> > > > > >
> > > > > > B.
> > > > > > _______________________________________________
> > > > > > --Bandwidth and Colocation provided by Easynews.com --
> > > > > >
> > > > > > Asterisk-Users mailing list
> > > > > > To UNSUBSCRIBE or update options visit:
> > > > > >    http://lists.digium.com/mailman/listinfo/asterisk-users
> > > > > >
> > > > > _______________________________________________
> > > > > --Bandwidth and Colocation provided by Easynews.com --
> > > > >
> > > > > Asterisk-Users mailing list
> > > > > To UNSUBSCRIBE or update options visit:
> > > > >    http://lists.digium.com/mailman/listinfo/asterisk-users
> > > > >
> > > > _______________________________________________
> > > > --Bandwidth and Colocation provided by Easynews.com --
> > > >
> > > > Asterisk-Users mailing list
> > > > To UNSUBSCRIBE or update options visit:
> > > >    http://lists.digium.com/mailman/listinfo/asterisk-users
> > > >
> > > _______________________________________________
> > > --Bandwidth and Colocation provided by Easynews.com --
> > >
> > > Asterisk-Users mailing list
> > > To UNSUBSCRIBE or update options visit:
> > >    http://lists.digium.com/mailman/listinfo/asterisk-users
> > >
> > _______________________________________________
> > --Bandwidth and Colocation provided by Easynews.com --
> >
> > Asterisk-Users mailing list
> > To UNSUBSCRIBE or update options visit:
> >    http://lists.digium.com/mailman/listinfo/asterisk-users
> >
> _______________________________________________
> --Bandwidth and Colocation provided by Easynews.com --
>
> Asterisk-Users mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20060326/c3d2684e/attachment.htm

More information about the asterisk-users mailing list